Add strict equality check for VB key digest length on VSR-16+.
Bug: 376832222
Bug: 220834466
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I6f3decf87a4ec3de57ed21e193954ef3d1a328df
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 0ce6a15..09446ce 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -1908,16 +1908,29 @@
}
}
+ if (get_vsr_api_level() > __ANDROID_API_V__) {
+ // The Verified Boot key field should be exactly 32 bytes since it
+ // contains the SHA-256 hash of the key on locked devices or 32 bytes
+ // of zeroes on unlocked devices. This wasn't checked for earlier
+ // versions of the KeyMint HAL, so only only be strict for VSR-16+.
+ EXPECT_EQ(verified_boot_key.size(), 32);
+ } else if (get_vsr_api_level() == __ANDROID_API_V__) {
+ // The Verified Boot key field should be:
+ // - Exactly 32 bytes on locked devices since it should contain
+ // the SHA-256 hash of the key, or
+ // - Up to 32 bytes of zeroes on unlocked devices (behaviour on
+ // unlocked devices isn't specified in the HAL interface
+ // specification).
+ // Thus, we can't check for strict equality in case unlocked devices
+ // report values with less than 32 bytes. This wasn't checked for
+ // earlier versions of the KeyMint HAL, so only check on VSR-15.
+ EXPECT_LE(verified_boot_key.size(), 32);
+ }
+
// Verified Boot key should be all zeroes if the boot state is "orange".
std::string empty_boot_key(32, '\0');
std::string verified_boot_key_str((const char*)verified_boot_key.data(),
verified_boot_key.size());
- if (get_vsr_api_level() >= __ANDROID_API_V__) {
- // The attestation should contain the SHA-256 hash of the verified boot
- // key. However, this was not checked for earlier versions of the KeyMint
- // HAL so only be strict for VSR-V and above.
- EXPECT_LE(verified_boot_key.size(), 32);
- }
EXPECT_NE(property_get("ro.boot.verifiedbootstate", property_value, ""), 0);
if (!strcmp(property_value, "green")) {
EXPECT_EQ(verified_boot_state, VerifiedBoot::VERIFIED);
diff --git a/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp b/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp
index 9f7322a..f7639bf 100644
--- a/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp
+++ b/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp
@@ -114,10 +114,22 @@
const auto& vbKey = rot->asArray()->get(pos++);
ASSERT_TRUE(vbKey);
ASSERT_TRUE(vbKey->asBstr());
- if (get_vsr_api_level() >= __ANDROID_API_V__) {
- // The attestation should contain the SHA-256 hash of the verified boot
- // key. However, this not was checked for earlier versions of the KeyMint
- // HAL so only be strict for VSR-V and above.
+ if (get_vsr_api_level() > __ANDROID_API_V__) {
+ // The Verified Boot key field should be exactly 32 bytes since it
+ // contains the SHA-256 hash of the key on locked devices or 32 bytes
+ // of zeroes on unlocked devices. This wasn't checked for earlier
+ // versions of the KeyMint HAL, so only only be strict for VSR-16+.
+ ASSERT_EQ(vbKey->asBstr()->value().size(), 32);
+ } else if (get_vsr_api_level() == __ANDROID_API_V__) {
+ // The Verified Boot key field should be:
+ // - Exactly 32 bytes on locked devices since it should contain
+ // the SHA-256 hash of the key, or
+ // - Up to 32 bytes of zeroes on unlocked devices (behaviour on
+ // unlocked devices isn't specified in the HAL interface
+ // specification).
+ // Thus, we can't check for strict equality in case unlocked devices
+ // report values with less than 32 bytes. This wasn't checked for
+ // earlier versions of the KeyMint HAL, so only check on VSR-15.
ASSERT_LE(vbKey->asBstr()->value().size(), 32);
}
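Review bot: The `else if (get_vsr_api_level() == __ANDROID_API_V__)` branch has the gap its own comment describes: on a locked VSR-15 device the field must be exactly 32 bytes, yet `ASSERT_LE(vbKey->asBstr()->value().size(), 32)` lets a truncated or empty digest pass. If this test can read the boot state (for example the `ro.boot.verifiedbootstate` property the KeyMint base test consults), the strict `ASSERT_EQ` should apply whenever the device is not unlocked, with `ASSERT_LE` reserved for the orange state; otherwise the comment should say plainly that locked-device strictness is not enforced on VSR-15. The VSR-16+ comment repeats a word — `so only only be strict for VSR-16+` should read `so only be strict for VSR-16+` — and the two back-to-back `get_vsr_api_level()` calls can be hoisted into `const int vsr_api_level = get_vsr_api_level();`. The enclosing function starts before this hunk and continues after it, so whether the digest content (non-zero on locked devices) is validated later is not visible here.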